deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 04:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated for 5358843-files76to100

Browse Source
This commit is contained in:
Ashok Lobo
2021-09-07 11:56:23 +05:30
parent 607c914c8d
commit a012698fe7
25 changed files with 26 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
# Create a basic audit policy for an event category
**Applies to**
- Windows 10
By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization. On devices that are joined to a domain, auditing settings for the event categories are undefined by default. On domain controllers, auditing is turned on by default.

6
windows/security/threat-protection/auditing/event-1100.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 1100(S): The event logging service has shut down.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-1100.png" alt="Event 1100 illustration" width="449" height="317" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-1102.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 1102(S): The audit log was cleared.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-1102.png" alt="Event 1102 illustration" width="449" height="336" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-1104.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 1104(S): The security log is now full.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-1104.png" alt="Event 1104 illustration" width="449" height="317" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-1105.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 1105(S): Event log automatic backup
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-1105.png" alt="Event 1105 illustration" width="572" height="317" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-1108.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 1108(S): The event logging service encountered an error while processing an incoming event published from %1.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-1108.png" alt="Event 1108 illustration" width="613" height="429" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4608.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4608(S): Windows is starting up.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4608.png" alt="Event 4608 illustration" width="449" height="317" hspace="10" align="top" />

6
windows/security/threat-protection/auditing/event-4610.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4610(S): An authentication package has been loaded by the Local Security Authority.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4610.png" alt="Event 4610 illustration" width="656" height="317" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4611.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4611(S): A trusted logon process has been registered with the Local Security Authority.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4611.png" alt="Event 4611 illustration" width="449" height="393" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4612.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
**Applies to**
- Windows 10
- Windows Server 2016
This event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk.

6
windows/security/threat-protection/auditing/event-4614.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4614(S): A notification package has been loaded by the Security Account Manager.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4614.png" alt="Event 4614 illustration" width="449" height="317" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4615.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4615(S): Invalid use of LPC port.
**Applies to**
- Windows 10
- Windows Server 2016
It appears that this event never occurs.

6
windows/security/threat-protection/auditing/event-4616.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4616(S): The system time was changed.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4616.png" alt="Event 4616 illustration" width="522" height="518" hspace="10" align="top" />

6
windows/security/threat-protection/auditing/event-4618.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4618(S): A monitored security event pattern has occurred.
**Applies to**
- Windows 10
- Windows Server 2016
***Subcategory:***&nbsp;[Audit System Integrity](audit-system-integrity.md)

5
windows/security/threat-protection/auditing/event-4621.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,9 +16,6 @@ ms.technology: mde
# 4621(S): Administrator recovered system from CrashOnAuditFail.
**Applies to**
- Windows 10
- Windows Server 2016
This event is logged after a system reboots following [CrashOnAuditFail](/previous-versions/windows/it-pro/windows-2000-server/cc963220(v=technet.10)?f=255&MSPPError=-2147217396). It generates when CrashOnAuditFail = 2.

8
windows/security/threat-protection/auditing/event-4622.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4622(S): A security package has been loaded by the Local Security Authority.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4622.png" alt="Event 4622 illustration" width="449" height="317" hspace="10" align="left" />
@ -101,4 +97,4 @@ These are some Security Package DLLs loaded by default in Windows 10:
For 4622(S): A security package has been loaded by the Local Security Authority.
- Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “**Security Package Name”** field value in the allow list or not.
- Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “**Security Package Name”** field value in the allowlist or not.

6
windows/security/threat-protection/auditing/event-4624.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4624(S): An account was successfully logged on.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4624.png" alt="Event 4624 illustration" width="438" height="668" hspace="10" />

6
windows/security/threat-protection/auditing/event-4625.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4625(F): An account failed to log on.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4625.png" alt="Event 4625 illustration" width="449" height="780" hspace="10" align="top" />

6
windows/security/threat-protection/auditing/event-4626.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4626(S): User/Device claims information.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4626.png" alt="Event 4626 illustration" width="549" height="771" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4627.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4627(S): Group membership information.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4627.png" alt="Event 4627 illustration" width="554" height="896" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4634.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 11/20/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4634(S): An account was logged off.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4634.png" alt="Event 4634 illustration" width="449" height="431" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4647.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4647(S): User initiated logoff.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4647.png" alt="Event 4647 illustration" width="449" height="392" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4648.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4648(S): A logon was attempted using explicit credentials.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4648.png" alt="Event 4648 illustration" width="486" height="663" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4649.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4649(S): A replay attack was detected.
**Applies to**
- Windows 10
- Windows Server 2016
This event generates on domain controllers when **KRB\_AP\_ERR\_REPEAT** Kerberos response was sent to the client.

6
windows/security/threat-protection/auditing/event-4656.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4656(S, F): A handle to an object was requested.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4656.png" alt="Event 4656 illustration" width="764" height="895"/>